The :close_others option is true by default for system() and exec(). Also,
the close-on-exec flag is set by default for all new file descriptors. This
means file descriptors doesn't inherit to spawned process unless
explicitly requested such as system(…, fd=>fd).

Kernel#respond_to? against a protected method now returns false unless the
second argument is true.

TLS 1.1 & 1.2 support by setting OpenSSL::SSL::SSLContext#ssl_version
to :TLSv1_2, :TLSv1_2_server, :TLSv1_2_client or :TLSv1_1, :TLSv1_1_server
:TLSv1_1_client. The version being effectively used can be queried with
OpenSSL::SSL#ssl_version. Furthermore, it is also possible to blacklist the
new TLS versions with OpenSSL::SSL:OP_NO_TLSv1_1 and
OpenSSL::SSL::OP_NO_TLSv1_2.

Added OpenSSL::SSL::SSLContext#renegotiation_cb.
A user-defined callback may be set which gets called whenever a new
handshake is negotiated. This also allows to programmatically decline
(client) renegotiation attempts.

Support for “0/n” splitting of records as BEAST mitigation via
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.

The default options for OpenSSL::SSL::SSLContext
have changed to OpenSSL::SSL::OP_ALL &
~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS instead of
OpenSSL::SSL::OP_ALL only. This enables the countermeasure for the BEAST
attack by default.

OpenSSL requires passwords for
decrypting PEM-encoded files to be at least four characters long. This led
to awkward situations where an export with a password with fewer than four
characters was possible, but accessing the file afterwards failed. OpenSSL::PKey::RSA, OpenSSL::PKey::DSA and OpenSSL::PKey::EC therefore
now enforce the same check when exporting a private key to PEM with a
password - it has to be at least four characters long.

SSL/TLS support for the Next Protocol Negotiation extension. Supported with
OpenSSL 1.0.1 and higher.

OpenSSL::OPENSSL_FIPS allows client applications to detect whether OpenSSL is FIPS-enabled. OpenSSL.fips_mode=
allows turning on and off FIPS mode manually in order to adapt to
situations where FIPS mode would be an explicit requirement.

Authenticated Encryption with Associated Data (AEAD) is supported via
Cipher#auth_data= and Cipher#auth_tag/Cipher#auth_tag=. Currently (OpenSSL
1.0.1c), only GCM mode is supported.

This version is largely backwards-compatible with previous rdoc versions.
The most notable change is an update to the ri data format (ri data must be
regenerated for gems shared across rdoc versions). Further API changes are
internal and won't affect most users.

Notable changes include:

Page support for ri. Try `ri ruby:` for a list of pages in ruby or `ri
ruby:syntax/literals` for the syntax documentation for literals.

This also works for gems such as `ri rspec:README` for the rspec gem's
README file.